Critical bugs enable hackers to take control of Ubiquiti devices
Vulnerabilities can be chained to compromise entire systems.

Image by Cybernews.
- Ubiquiti has addressed 25 critical security flaws, including maximum-severity bugs in the UniFi OS, Connect Application, and network infrastructure.
- Hackers can exploit these vulnerabilities to run malicious commands on the host and elevate privileges without needing passwords or user interaction.
- Users are urged to update their devices to the latest version to prevent exploitation.
Ubiquiti has disclosed multiple critical-severity vulnerabilities with a broad blast radius, affecting a wide range of products, including routers, gateways, video security, NAS products, and others. Hackers only need network access to run commands on the host and elevate privileges.
The latest Ubiquiti security advisory addresses 25 security vulnerabilities, just weeks after it patched a previous batch of critical flaws threatening complete compromise.
A maximum severity (10 out of 10) bug affects the UniFi Connect Application, a centralized platform for managing smart building technology, such as digital displays, smart lighting, EV charging stations, audiovisual systems, and similar.
Hackers don’t need any passwords, logins, or user interaction – just network access to the UniFi device to run malicious commands on the host. Sometimes they won’t even need to be on the same WiFi or LAN – thousands of UniFi devices are exposed on the internet.
“A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device,” the security advisory reads.
Updating to the latest version is the only mitigation.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Several critical 9.9 out of 10 UniFi OS vulnerabilities have the broadest potential blast radius – they affect critical network infrastructure, including Ubiquiti’s routers, cloud controllers, network video recorders, NAS products, as well as UniFi OS Server, which is a central dashboard to manage the devices.
One of them is an improper Input validation bug tracked as CVE-2026-54402, which enables hackers to inject commands into the host with network access and low privileges.
However, the “low privileges” requirement can be eliminated by another highly severe path traversal bug (CVE-2026-54403) that allows bypassing authentication.
The Unifi Access Application, which handles building door controls and physical security, contains three flaws. A critical 9.9 out of 10 bug allows attackers on the same network and with low privileges to inject commands into the host, while the second bug can be exploited to escalate privileges. The third high-severity path traversal vulnerability exposes files on the host device to the network.
Check if your data has been leaked
UniFI Talk Application is also affected by a similar 9.9/10 flaw that enables hackers on the same network “to exploit a series of authenticated SQL Injection vulnerabilities … to escalate privileges on the host device.”
Unifi Protect, Ubiquiti’s security camera and surveillance system, is also critically flawed: the 9.9/10 server-side request forgery bug enables attackers to escalate privileges on the host device, while other bugs enable authentication bypass for data streaming, accessing cameras, and lighting devices.
The advisory urges updating all the affected devices and software to the latest version.
The US cyber watchdog, the Cybersecurity and Infrastructure Security Agency (CISA), previously warned that threat actors began actively exploiting the previously disclosed critical bugs just days after they were unveiled.